A novel hybrid textual-graphical authentication scheme with better security, memorability, and usability

Nizamani, Shah Zaman, Hassan, Syed Raheel, Shaikh, Riaz Ahmed ORCID: https://orcid.org/0000-0001-6666-0253, Abozinadah, Ehab Atif and Mehmood, Rashid (2021) A novel hybrid textual-graphical authentication scheme with better security, memorability, and usability. IEEE Access, 9. pp. 51294-51312. ISSN 2169-3536

PDF (A_Novel_Hybrid_Textual-Graphical_Authentication_Scheme_With_Better_Security_Memorability_and_Usability) - Published Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.


Abstract

Despite numerous efforts, developing an authentication scheme that offers strong security while also offering memorability and usability remains a grand challenge. In this paper, we propose a textual-graphical hybrid authentication scheme that addresses the security, memorability and usability inadequacies of existing authentication schemes. This has been achieved by combining a range of mechanisms, in a novel manner, to address weaknesses of the existing security schemes. Firstly, two dynamically selectable modes of password entry (Easy Login and Secure Login) provide a trade-off between usability and security, allowing the user to switch between these methods in real time based on the security of the surrounding environment (e.g., secure home environment versus insecure public places) or the criticality of the user account (e.g., a bank account). The other mechanisms include a novel use of the drawmetric mechanism for setting the password to improve memorability, multistep authentication, a novel adaptation of the one-time password (OTP) concept using a random selection of password elements, random placement of password elements in different steps, assigning random numbers to the password elements to increase security, and use of simple addition to improve security. We have implemented and analysed the proposed scheme for its security against brute-force, dictionary, shoulder surfing, random guessing, phishing or pharming, keystroke/mouse logger, and multiple recording attacks. We have also investigated its usability and memorability, reporting various trends of password elements used and the respective authentication times. Moreover, we have compared the proposed scheme with eight other well-known authentication schemes in terms of its resilience and authentication time. The results and analyses demonstrate the effectiveness of the proposed scheme. We believe that the range of novel methods introduced in this proposed scheme opens several doors for innovation in security techniques.

Item Type: Article
Uncontrolled Keywords: authentication, graphical passwords, password security, textual passwords, computer science(all), materials science(all), engineering(all)
Faculty \ School: Faculty of Science > School of Computing Sciences
UEA Research Groups: Faculty of Science > Research Groups > Cyber Security Privacy and Trust Laboratory
Depositing User: LivePure Connector
Date Deposited: 30 May 2022 13:30
Last Modified: 02 Sep 2023 01:17
URI: https://ueaeprints.uea.ac.uk/id/eprint/85251
DOI: 10.1109/ACCESS.2021.3069164
